2017 October Cisco Official New Released 400-251 Dumps in Lead2pass.com!

100% Free Download! 100% Pass Guaranteed!

As a professional IT exam study material provider, Lead2pass gives you more than just 400-251 exam questions and answers. We provide our customers with the most accurate study material about the 400-251 exam and the guarantee of pass. We assist you to prepare for 400-251 certification which is regarded valuable the IT sector.

QUESTION 301Which of the following two statements apply to EAP-FAST? (Choose two.)

A. EAP-FAST is useful when a strong password policy cannot be enforced and an 802.1X EAP type that does not require digital certificates can be deployed.B. EAP-FAST was developed only for Cisco devices and is not compliant with 802.1X and 802.11i.C. EAP-FAST provides protection from authentication forging and packet forgery (replay attack).D. EAP-FAST is a client/client security architecture.

Answer: AC

QUESTION 302On an ASA firewall in multiple context mode running version8.X.What is the default number of VPN site-to site tunnels per context?

A. 0 sessionsB. 2 sessionsC. 1 sessionsD. 4 sessions

Answer: AExplanation:VPN support fpr multiple contexts came with ASA software version 9.x

A. TKIP generates a MCI to provide data integrity for the wireless frame.B. The PMK is generated dynamically by the servers and passed to the access point.C. 802.1x authentication is performed in the second of two authentication phases.D. It is commonly used in home environments as well as enterprises.E. 802.1x authentication is performed in the first of two authentication phases.F. Session keys can be shared with multiple clients.

Answer: BE

QUESTION 304Drag and Drop QuestionDrag and drop the description on the left onto the associated items on the right.

Answer:

QUESTION 305Which two statement about the Cisco ASA in a transparent-mode deployment are true? (Choose two)

A. It block all ARP packets by default.B. It supports QoS.C. It supports iBGP.D. It can act as a DHCP server.E. It performs a MAC address look to forward traffic f) It performs a route lookup to forward traffic.

Answer: DE

QUESTION 306What functionality does SXP provide to enhance security?

A. It supports secure communication between cisco ironport Cisco and Microsoft Exchange.B. It supports Cisco’s trustsec solution by transporting information over network that are unable to support SGT propagation.C. It support secure communications between cisco ironport and cloud-based email servers.D. It support cisco’s trustsec implementation on virtual machines.

Answer: B

QUESTION 307Drag each IPSec term on the left to the definition on the right.

Answer:

QUESTION 308Which two statements about the RC4 algorithm are true? (Choose two.)

A. The RC4 algorithm is an asymmetric key algorithm.B. The RC4 algorithm is a symmetric key algorithm.C. The RC4 algorithm is slower in computation than DES.D. The RC4 algorithm is used with wireless encryption protocols.E. The RC4 algorithm uses fixed-length keys.

A. A community port can send traffic to community port in other communities on its broadcast domain.B. An isolated port can send and receive traffic only to and from promiscuous ports.C. An isolated port can receive traffic from promiscuous port in an community on its broadcast domain, but can send traffic only to port in its own community.D. A promiscuous port can send traffic promiscuous port in other communities on its broadcast domain.E. A community port can send traffic to promiscuous port in other communities on its broadcast domain.F. A Promiscuous port can send traffic to all ports within a broadcast domain.

Answer: BF

QUESTION 310Which three of these are security properties that TLS v1.2 provides?(Choose three)?

QUESTION 311Refer to the exhibit. Which statement about this debug output is true?

A. It was generated by a LAN controller when it responded to a join request from an access pointB. It was generated by a LAN controller when it generated a join request to an access pointC. It was generated by an access point when it sent a join reply message to a LAN controllerD. It was generated by an access point when it received a join request message from a LAN controller

Answer: A

QUESTION 312Drag and Drop QuestionDrag each ISE probe on the left to the matching statement on the right.

QUESTION 315You have configured a DMVPN hub and spoke a follows (assume the IPsec profile “dmvpnprofile” is configured correctly):

With this configuration, you notice that the IKE and IPsec SAs come up between the spoke and the hub, but NHRP registration fails. Registration will continue to fail until you do which of these?

A. Modify the tunnel keys to match on the hub and spokeB. Configure the ipnhrp cache non-authoritative command on the hub’s tunnel interfaceC. Modify the NHRP hold times to match on the hub and spokeD. Modify the NHRP network IDs to match on the hub and spoke

QUESTION 318Which of the following are OSPFv3 authentication options? (choose two)

A. AHB. ESPC. MD5D. SHAE. IPF. GRE

Answer: AB

QUESTION 319Two routers are trying to establish an OSPFv3 adjacency over an Ethernet link, but the adjacency is not forming. Which two options are possible reasons that prevent OSPFv3 to form between these two routers? (Choose two.)

QUESTION 320Which of the following are true regarding same security level interface inter-traffic communication on a Cisco ASA? (Choose three)

A. ASA support 101 security levels and more than 101 interfaces (include sub-interface)B. ASA canassign different interfaces to the same security levelC. by default, same security level port inter-traffic is not allowedD. ASA should activate inter-interface communication by default

Answer: ABC

QUESTION 321Which three statements about RLDP are true? (Choose three)

A. It can detect rogue Aps that use WPA encryptionB. It detects rogue access points that are connected to the wired networkC. The AP is unable to s^jrve clients while the RLDP process is activeD. Active Rogue Containment can be initiated manually against rogue devices detected the wired networkE. It can detect rogue APs that use WEP encryption

Answer: BCD

QUESTION 322Refer to the exhibit. Which statement about the effect of this configuration is true?

A. It prevents man-in-the-middle attacks.B. Replay protection is disabled.C. Out-of-order frames are dropped.D. The replay window size is set to infinity.

Answer: C

QUESTION 323All of these are available from cisco IPS Manager (cisco IDM) except which one?

QUESTION 324Which statement regarding the routing function of the Cisco ASA is true?

A. the ASA supports policy-based routing with route mapsB. The translation table can override the routing table for new connectionsC. In a failover paire of ASAs, thestanby firewall establishes a peer relationship with OSPF neighborsD. Routes to the Null0 interface can be configured to black-hole traffic

A. Browser based application should be filtered on the source to protect your network from known advertised prefixesB. Advertiseonly assigned global IP address to the internetC. Use ingress filtering to limit traffic from downstream network to known advertised prefixesD. Use the TLS protocol to secure the network against eavesdropping

Answer: C

Lead2pass.com has been the world leader in providing online training solutions for 400-251 Certification. You use our training materials that have been rigorously tested by international experts.